|
901
|
6.5 |
MEDIUM
隣接
|
-
|
-
|
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-27925
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
|
CWE-362
CWE-416
競合状態
解放済みメモリの使用
|
CVE-2026-27926
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
|
CWE-362
CWE-416
競合状態
解放済みメモリの使用
|
CVE-2026-27927
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
8.7 |
HIGH
ネットワーク
|
-
|
-
|
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
|
CWE-20
不適切な入力確認
|
CVE-2026-27928
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) 競合状態
|
CVE-2026-27929
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
|
CWE-125
境界外読み取り
|
CVE-2026-27930
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
|
CWE-125
境界外読み取り
|
CVE-2026-27931
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
|
CWE-362
競合状態
|
CVE-2026-32068
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
|
CWE-415
二重解放
|
CVE-2026-32069
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32070
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
911
|
7.5 |
HIGH
ネットワーク
|
-
|
-
|
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
|
CWE-476
NULL ポインタデリファレンス
|
CVE-2026-32071
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
912
|
6.2 |
MEDIUM
ローカル
|
-
|
-
|
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
|
CWE-287
不適切な認証
|
CVE-2026-32072
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
913
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32073
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
914
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
|
CWE-415
二重解放
|
CVE-2026-32074
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
915
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32075
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
916
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
|
CWE-125
境界外読み取り
|
CVE-2026-32076
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
917
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
|
CWE-822
信頼性のないポインタデリファレンス
|
CVE-2026-32077
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
918
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32078
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
919
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
|
CWE-200
情報漏えい
|
CVE-2026-32079
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
920
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32080
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
921
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
|
CWE-200
情報漏えい
|
CVE-2026-32081
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
922
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
|
CWE-362
競合状態
|
CVE-2026-32082
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
923
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
|
CWE-362
競合状態
|
CVE-2026-32083
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
924
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
|
CWE-200
情報漏えい
|
CVE-2026-32084
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
925
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
|
CWE-200
情報漏えい
|
CVE-2026-32085
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
926
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
|
CWE-362
競合状態
|
CVE-2026-32086
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
927
|
7.0 |
HIGH
ローカル
|
-
|
-
|
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
|
CWE-122
ヒープオーバーフロー
|
CVE-2026-32087
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
928
|
6.1 |
MEDIUM
物理
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical a…
|
CWE-362
競合状態
|
CVE-2026-32088
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
929
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
|
CWE-362
CWE-416
競合状態
解放済みメモリの使用
|
CVE-2026-32089
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
930
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
|
CWE-362
CWE-416
競合状態
解放済みメモリの使用
|
CVE-2026-32090
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
931
|
8.4 |
HIGH
ローカル
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
|
CWE-362
CWE-416
競合状態
解放済みメモリの使用
|
CVE-2026-32091
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32152
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32154
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32155
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
7.4 |
HIGH
ローカル
|
-
|
-
|
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32156
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
8.8 |
HIGH
ネットワーク
|
-
|
-
|
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32157
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
6.7 |
MEDIUM
ローカル
|
-
|
-
|
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
|
CWE-89
SQLインジェクション
|
CVE-2026-32167
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
|
CWE-20
不適切な入力確認
|
CVE-2026-32168
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
8.8 |
HIGH
ネットワーク
|
-
|
-
|
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
|
CWE-522
認証情報の不十分な保護
|
CVE-2026-32171
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
6.7 |
MEDIUM
ローカル
|
-
|
-
|
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
|
CWE-89
SQLインジェクション
|
CVE-2026-32176
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
941
|
7.5 |
HIGH
ネットワーク
|
-
|
-
|
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
|
CWE-138
特殊要素の不適切な無害化
|
CVE-2026-32178
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
942
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
|
CWE-502
信頼性のないデータのデシリアライゼーション
|
CVE-2026-32184
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
943
|
7.1 |
HIGH
ローカル
|
-
|
-
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
CWE-125
境界外読み取り
|
CVE-2026-32188
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
944
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32189
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
945
|
8.4 |
HIGH
ローカル
|
-
|
-
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32190
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
946
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
|
CWE-502
信頼性のないデータのデシリアライゼーション
|
CVE-2026-32192
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
947
|
6.1 |
MEDIUM
ネットワーク
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-32196
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
948
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32197
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
949
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32198
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
950
|
7.8 |
HIGH
ローカル
|
-
|
-
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
CWE-416
解放済みメモリの使用
|
CVE-2026-32199
|
2026-04-18 00:10 |
2026-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
